On Mon, Mar 20, 2017 at 11:51 AM, Isura Karunaratne <is...@wso2.com> wrote:
> Hi Omindu,
>
> On Mon, Mar 13, 2017 at 5:00 PM, Omindu Rathnaweera <omi...@wso2.com> wrote:
>> Hi,
>>
>> On Sun, Mar 12, 2017 at 7:59 AM, Ruwan Abeykoon <ruw...@wso2.com> wrote:
>>> Hi All,
>>> Can the hash algorithm change over time?
>>> If so, we need to record the hash algorithm used to do the hashing along with
>>> the particular password history record. We need to use that particular
>>> algorithm to do the comparison, not the system-configured one.
>>
>> In addition to the hashing algorithm, we should store the key length and the
>> iteration count. We have given the option to configure these properties for
>> the credential stores and we should do the same for password history
>> management. Since we are storing the current password in the history table,
>> the hashing mechanism should be similar to that of the credential stores.
>
> I don't think we need to use the same hashing algorithm since we are using
> salted passwords. We store the passwords in the password history table only if
> we enable this feature. So, the clients who don't like to duplicate their
> passwords in Identity tables can disable the password history feature and
> use the feature supported in the relevant user store, such as Active Directory.
>
> Thanks
> Isura.
>
>> Regards,
>> Omindu.
>>
>>> Cheers,
>>> Ruwan
>>>
>>> On Sun, Mar 12, 2017 at 7:44 AM, Gayan Gunawardana <ga...@wso2.com> wrote:
>>>> Hi All,
>>>>
>>>> We are in the process of implementing the password history validation
>>>> feature for IS 6.0.0. The architecture of this feature was previously discussed
>>>> in [1] by Isura for IS 5.3.0. We plan to follow the same architecture with
>>>> minor changes.
>>>>
>>>> Previously, history validation has been done by checking only the last 'n'
>>>> number of attempts. Ex. you cannot use a password which is inside the last 5
>>>> attempts. This time we additionally validate a time factor as well. Ex. you
>>>> cannot use a password if there is a similar password with a created date
>>>> inside the last 7 days.
>>>>
>>>> The table structure will be changed as below since we have a unique user ID
>>>> in C5.
>>>>
>>>> Previous:
>>>>
>>>> CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
>>>>   ID INTEGER NOT NULL AUTO_INCREMENT,
>>>>   USER_NAME VARCHAR(255) NOT NULL,
>>>>   USER_DOMAIN VARCHAR(127) NOT NULL,
>>>>   TENANT_ID INTEGER DEFAULT -1,
>>>>   SALT_VALUE VARCHAR(255),
>>>>   HASH VARCHAR(255) NOT NULL,
>>>>   TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
>>>>   PRIMARY KEY(ID),
>>>>   UNIQUE (USER_NAME, USER_DOMAIN, TENANT_ID, SALT_VALUE, HASH)
>>>> ) ENGINE=INNODB;
>>>>
>>>> New:
>>>>
>>>> CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
>>>>   ID INTEGER NOT NULL AUTO_INCREMENT,
>>>>   USER_UNIQUE_ID VARCHAR(255) NOT NULL,
>>>>   SALT_VALUE VARCHAR(255),
>>>>   HASH VARCHAR(255) NOT NULL,
>>>>   TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
>>>>   PRIMARY KEY(ID),
>>>>   -- the unique key must reference the columns that exist in this table
>>>>   UNIQUE (USER_UNIQUE_ID, SALT_VALUE, HASH)
>>>> ) ENGINE=INNODB;
>>>>
>>>> The password hashing algorithm will be a configurable property.
>>>>
>>>> [1] [Architecture] Force Password Reset and Password History validation
>>>>
>>>> Thanks,
>>>> Gayan
>>>>
>>>> --
>>>> Gayan Gunawardana
>>>> Software Engineer; WSO2 Inc.; http://wso2.com/
>>>> Email: ga...@wso2.com
>>>> Mobile: +94 (71) 8020933
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> Architecture@wso2.org
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>> --
>>> Ruwan Abeykoon
>>> Associate Director/Architect, WSO2, Inc.
>>> http://wso2.com
>>> lean.enterprise.middleware.
>>
>> --
>> Omindu Rathnaweera
>> Software Engineer, WSO2 Inc.
>> Mobile: +94 771 197 211
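The two design points raised in the thread, as an added example that is not part of the thread or of WSO2 Identity Server's code: each history record carries the algorithm, iteration count and key length it was hashed with (Ruwan's and Omindu's point), so an old entry is verified with its own parameters rather than the currently configured ones, and the reuse check applies both the last-n rule and the 7-day window from Gayan's proposal. The record fields, the use of salted PBKDF2-HMAC, and the sample records are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Hypothetical history record, modelled on IDN_PASSWORD_HISTORY_DATA but carrying
# the hashing parameters per row so an entry is always verified with the
# parameters it was created with, not the ones configured at check time.
@dataclass
class HistoryRecord:
    user_unique_id: str
    algorithm: str      # PBKDF2 PRF name, e.g. "sha1" (legacy) or "sha256"
    iterations: int
    key_length: int     # derived key length in bytes
    salt: bytes
    hash: bytes
    time_created: datetime

def derive(password: str, algorithm: str, iterations: int, key_length: int, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC (assumed scheme); every parameter comes from the record."""
    return hashlib.pbkdf2_hmac(algorithm, password.encode("utf-8"), salt, iterations, dklen=key_length)

def make_record(user_id: str, password: str, algorithm: str = "sha256", iterations: int = 10000,
                key_length: int = 32, now: Optional[datetime] = None) -> HistoryRecord:
    """Hash a newly set password with the current configuration and record the parameters used."""
    salt = os.urandom(16)
    now = now or datetime.now(timezone.utc)
    digest = derive(password, algorithm, iterations, key_length, salt)
    return HistoryRecord(user_id, algorithm, iterations, key_length, salt, digest, now)

def is_reused(history: List[HistoryRecord], user_id: str, candidate: str, count: int = 5,
              window: timedelta = timedelta(days=7), now: Optional[datetime] = None) -> bool:
    """True if candidate equals one of the user's last `count` passwords or any password set within `window`."""
    now = now or datetime.now(timezone.utc)
    records = sorted((r for r in history if r.user_unique_id == user_id),
                     key=lambda r: r.time_created, reverse=True)  # newest first
    for idx, rec in enumerate(records):
        in_last_n = idx < count
        in_window = now - rec.time_created <= window
        if not (in_last_n or in_window):
            break  # newest-first order: every remaining record is older and outside both rules
        # Verify with the record's own algorithm/iterations/key length, in constant time.
        if hmac.compare_digest(derive(candidate, rec.algorithm, rec.iterations, rec.key_length, rec.salt), rec.hash):
            return True
    return False
```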